Statutes, codes, and regulations
Texas Administrative Code
Title 1 - ADMINISTRATIONPart 15 - TEXAS HEALTH AND HUMAN SERVICES COMMISSIONChapter 390 - INFORMATION PRACTICES
Subchapter A - STANDARDS RELATING TO THE ELECTRONIC EXCHANGE OF HEALTH INFORMATION
Section 390.2 - Standards

1 Tex. Admin. Code § 390.2

Download
PDF
Current through Reg. 49, No. 52; December 27, 2024
Section 390.2 - Standards
(a) A covered entity that electronically exchanges, uses, or discloses PHI, at a minimum, must comply with the following standards for confidential information in any form, to the extent applicable:
(1) HIPAA Privacy, Security and Breach Notification Regulations;
(2) the Texas Medical Records Privacy Act, Chapter 181 of the Texas Health and Safety Code;
(3) the Texas Identity Theft Act, Chapter 521 of the Texas Business and Commerce Code; and
(4) any other applicable state or federal law or regulation that requires that confidential information be safeguarded, used, or disclosed only for authorized purposes by authorized users, including without limitation:
(A) requirements applicable to the following specific types of data:
(i) Cancer: Texas Health and Safety Code § RSA 82.008 and § RSA 82.009; Title 25 Texas Administrative Code (TAC) §91.9 (relating to Confidentiality and Disclosure);
(ii) HIV/AIDS: Texas Health and Safety Code § RSA 81.103, HIV/AIDS Test Results, and 40 TAC §RSA 8.288(relating to Confidentiality of Test Results);
(iii) Genetic: Genetic Information Nondiscrimination Act of 2008 (GINA) Pub. L. No. 110-233 and applicable regulations promulgated under that act; Texas Insurance Code, Chapter 546, Subchapter C; Texas Labor Code § RSA 21.403 and § RSA 21.404; Texas Occupations Code, Chapter 58;
(iv) Sexual assault: Texas Health and Safety Code, Chapter, 44, Subchapter C;
(v) Communicable diseases: Texas Health and Safety Code § RSA 81.046; 25 TAC § RSA 97.10(relating to Confidential Nature of Case Reporting and Records);
(vi) Mental health: Texas Health and Safety Code, Chapter 611, Mental Health Records/Substance Abuse Records;
(vii) Substance abuse or substance use disorder: 42 CFR Part 2, Confidentiality of Alcohol and Drug Abuse Patient Records; Texas Health and Safety Code, Chapter 611, Mental Health Records/Substance Abuse Records;
(viii) Immunizations: Texas Health and Safety Code § RSA 161.0073 and § RSA 161.009; 25 TAC § RSA 100.2(relating to Confidentiality);
(ix) Bureau of Vital Statistics: Texas Government Code § RSA 552.115; Texas Health and Safety Code Chapters 192 and 193, §195.005; 25 TAC Chapter 181 (relating to Vital Statistics);
(x) Reports of abuse or neglect: Texas Human Resources Code, Chapter 48, Report of Abuse or Neglect of Elderly or Disabled Persons; Texas Health and Safety Code § RSA 161.132; Family Code Chapter 261, Reports of Child Abuse;
(xi) Federal tax information: Internal Revenue Code, Title 26, RSA 6103; IRS Publication 1075;
(xii) Social Security Administration data: RSA 1306, 20 CFR Part 401;
(xiii) Occupational diseases: Texas Health and Safety Code § RSA 84.006; 25 TAC § RSA 99.1(relating to General Provisions);
(xiv) Family planning: 25 TAC §RSA 56.11(relating to Confidentiality); and
(xv) Recipients of government benefits: requirements for use of disclosure of client information about or concerning recipients of government benefits such as Medicaid, the Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), or the Children's Health Insurance Program (CHIP), by HHSC or its designee(s), third party, or business associate: RSA 272(SNAP); RSA 205.50(TANF); RSA 431.300 et seq. (Medicaid); RSA 457.1110(CHIP);
(B) requirements applicable to data held by the following specific types of providers, facilities, and services:
(i) Hospitals: Texas Health and Safety Code, Chapter 241, Subchapter G, Hospital Disclosures of Health Care Information; 25 TAC § RSA 133.42(relating to Patient Rights);
(ii) Nursing facilities: Texas Health and Safety Code, Chapter 242, §242.134 and §242.501(8), Nursing Home Resident Rights; 40 TAC §RSA 19.407(relating to Privacy and Confidentiality);
(iii) Intermediate care facilities for persons with an intellectual disability or related conditions (ICF/IID): Texas Health and Safety Code, Chapter 252, §252.126 and §252.134;
(iv) Freestanding emergency medical care facilities: Texas Health and Safety Code Chapter 254; 25 TAC § RSA 131.53(relating to Medical Records);
(v) Ambulatory surgical centers: Texas Health and Safety Code, Chapter 243, 25 TAC § RSA 135.5(relating to Patient Rights);
(vi) Emergency medical services: Texas Health and Safety Code, Chapter 773, §§773.079 - 773.096; 25 TAC § RSA 157.11(relating to Requirements for an EMS Provider License);
(vii) Physicians: Texas Occupations Code, Chapter 159, Physician-Patient Communication;
(viii) Chiropractors: Texas Occupations Code §§ RSA 201.402 - RSA 201.405, Chiropractor-Patient Confidentiality;
(ix) Dentists: Texas Occupations Code §§ RSA 258.051 et seq., Dental-Patient Confidentiality;
(x) Labs: Clinical Laboratory Improvement Amendments (CLIA) (1988); RSA 493.1291;
(xi) Pharmacists: Texas Occupations Code, Chapter 562, §562.052, Confidential Records of Pharmacists;
(xii) Podiatrists: Texas Occupations Code, Chapter 202, Subchapter I, §§202.401 et seq., Podiatrist Privilege and Confidentiality;
(xiii) Personal health record vendors: Health Breach Notification Rule for Vendors of Personal Health Records, 16 CFR Part 318;
(xiv) End stage renal disease facilities: Texas Health and Safety Code § RSA 251.011; 25 TAC § RSA 117.42(relating to Patient Rights);
(xv) Special care facilities (AIDS): 25 TAC §RSA 125.33(relating to Resident Rights);
(xvi) Private psychiatric hospitals and crisis stabilization units: Texas Health and Safety Code § RSA 577.013: 25 TAC Chapter 134 (relating to Private Psychiatric Hospitals and Crisis Stabilization Units);
(xvii) Birthing centers: 25 TAC § RSA 137.53(relating to Clinical Records);
(xviii) Applicable health professions regulated by 25 TAC Chapter 140 (relating to Health Professions Regulation) confidentiality requirements under 25 TAC Chapter 140 or other applicable law for, such as:
(I) licensed chemical dependency counselors and treatment facilities, Texas Occupations Code § RSA 504.251; 25 TAC § RSA 140.424(relating to Standards for Private Practice); Texas Health and Safety Code, Chapter 464; 25 TAC Chapter 448 (relating to Standard of Care);
(II) medical radiologic technologists, 25 TAC §RSA 140.514(relating to Disciplinary Actions);
(III) dyslexia therapists and dyslexia practitioners, 25 TAC §140.586(relating to Code of Ethics; Duties and Responsibilities of License Holders); and
(IV) promotores or community health workers: 25 TAC §RSA 146.11(relating to Professional and Ethical Standards); and
(C) requirements applicable to data about the following specific types of individuals:
(i) Minors: Texas Family Code §§ RSA 32.003, RSA 32.004, RSA 151.003, RSA 153.073, RSA 153.074, and RSA 153.132; Texas Occupations Code § RSA 159.005; Texas Civil Practice and Remedies Code § RSA 129.001;
(ii) Children with Special Health Care Needs Services Program: 25 TAC §RSA 38.5(relating to Rights and Responsibilities of a Client's Parents, Foster Parents, Guardian, or Managing Conservator, or an Adult Client); and
(iii) Early and Periodic Screening, Diagnosis, and Treatment: 25 TAC § RSA 33.30(relating to Confidentiality of Records).
(b) These standards do not apply to de-identified information.

1 Tex. Admin. Code § 390.2

The provisions of this §390.2 adopted to be effective January 27, 2013, 38 TexReg 291